authorjsing <>2021-10-23 08:13:02 +0000
committerjsing <>2021-10-23 08:13:02 +0000
commit0b36022618e1b10350432bff13aba6c2b4eaef60 (patch)
tree613fd958468b739220f6320e5418b953a51698b8
parentb2cf79a9312a9785e1fcdb77f637203de75b4f46 (diff)
Change tlsext_tick_lifetime_hint to uint32_t.
Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long to uint32_t (matching RFC4507), rather than continuing to work around an inappropriate type choice. ok tb@
-rw-r--r--src/lib/libssl/ssl_asn1.c9
-rw-r--r--src/lib/libssl/ssl_clnt.c7
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_txt.c4
4 files changed, 11 insertions, 17 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 6ff7ca5476..2af6834d88 100644
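--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.59 2021/05/16 14:10:43 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.60 2021/10/23 08:13:02 jsing Exp $ */
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
  *
@@ -388,16 +388,13 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 
  /* Ticket lifetime [9]. */
  s->tlsext_tick_lifetime_hint = 0;
- /* XXX - tlsext_ticklen is not yet set... */
- if (s->tlsext_ticklen > 0 && s->session_id_length > 0)
- s->tlsext_tick_lifetime_hint = -1;
  if (!CBS_get_optional_asn1_uint64(&session, &lifetime,
  SSLASN1_LIFETIME_TAG, 0))
  goto err;
- if (lifetime > LONG_MAX)
+ if (lifetime > UINT32_MAX)
  goto err;
  if (lifetime > 0)
- s->tlsext_tick_lifetime_hint = (long)lifetime;
+ s->tlsext_tick_lifetime_hint = (uint32_t)lifetime;
 
  /* Ticket [10]. */
  free(s->tlsext_tick);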
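Review bot: The `lifetime > UINT32_MAX` check is the only thing that stops the `(uint32_t)lifetime` cast two lines below it from silently truncating a 64-bit value read out of a serialized session, and nothing in the hunk records that dependency. A one-line comment above the check would protect it from being reordered or dropped later, for example `/* Lifetime is a 32-bit field on the wire; reject before narrowing. */`. d2i_SSL_SESSION begins and ends outside this hunk, so how `lifetime` is declared and initialised is not visible here.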
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ddab394db9..bcf5108975 100644
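--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.111 2021/09/03 13:18:17 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.112 2021/10/23 08:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1789,16 +1789,13 @@ ssl3_get_new_session_ticket(SSL *s)
 
  CBS_init(&cbs, s->internal->init_msg, n);
  if (!CBS_get_u32(&cbs, &lifetime_hint) ||
-#if UINT32_MAX > LONG_MAX
- lifetime_hint > LONG_MAX ||
-#endif
  !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
  CBS_len(&cbs) != 0) {
  al = SSL_AD_DECODE_ERROR;
  SSLerror(s, SSL_R_LENGTH_MISMATCH);
  goto fatal_err;
  }
- s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
+ s->session->tlsext_tick_lifetime_hint = lifetime_hint;
 
  if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
  &s->session->tlsext_ticklen)) {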
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index f102c2fc95..6a6903d95b 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.360 2021/10/23 08:13:02 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -496,9 +496,9 @@ struct ssl_session_st {
496 char *tlsext_hostname; 496 char *tlsext_hostname;
497 497
498 /* RFC4507 info */ 498 /* RFC4507 info */
499 unsigned char *tlsext_tick; /* Session ticket */ 499 unsigned char *tlsext_tick; /* Session ticket */
500 size_t tlsext_ticklen; /* Session ticket length */ 500 size_t tlsext_ticklen; /* Session ticket length */
501 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 501 uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
502 502
503 struct ssl_session_internal_st *internal; 503 struct ssl_session_internal_st *internal;
504}; 504};
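Review bot: The field comment on `tlsext_tick_lifetime_hint` does not say what zero means, and with the type now unsigned the `-1` sentinel that this commit removes from ssl_asn1.c can no longer be represented at all. Suggest `/* Session lifetime hint in seconds, 0 if unspecified */`, which matches the way SSL_SESSION_print skips a zero value. Any reader of this field outside the four files touched here that still tests it with `< 0` or passes it to a `%ld` format would change meaning without a compile error; that is not visible from this page and is worth a search of the tree before the change lands.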
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 4281cd279d..e06808ac80 100644
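--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_txt.c,v 1.29 2021/06/11 11:13:53 jsing Exp $ */
+/* $OpenBSD: ssl_txt.c,v 1.30 2021/10/23 08:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -151,7 +151,7 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
  }
  if (x->tlsext_tick_lifetime_hint) {
  if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
+ "\n TLS session ticket lifetime hint: %u (seconds)",
  x->tlsext_tick_lifetime_hint) <= 0)
  goto err;
  }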
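Review bot: The `%u` conversion expects an `unsigned int`, while the argument passed on the next line is now a `uint32_t`; the two are presumably the same type on every platform this tree builds for, but the format string does not express that, and a mismatch in a variadic call is undefined behaviour. Either cast at the call site, `(unsigned int)x->tlsext_tick_lifetime_hint) <= 0)`, or build the format with `PRIu32` from `<inttypes.h>` so the specifier follows the field's declared type. SSL_SESSION_print begins and ends outside this hunk.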